businesswoman playing in the office

Accountant ordered to pay ex-employer after bossware shows “time theft”

The case of Karlee Besse, an accountant in British Colombia, was recently dismissed by the Civil Resolution Tribunal (CRT) in Canada, with a judge ordering her to pay back her former employer, Reach CPA, for “engaging in time theft”—a revelation that wouldn’t have been possible if not for software Reach installed on her computer.

According to the decision, Besse filed a counterclaim against Reach for terminating her employment without just cause, and is entitled to unpaid wages and severance pay amounting to approximately C$5,540 ($3,386). “However, she limits her claim to $5,000, which is the Civil Resolution Tribunal’s (CRT) small claims monetary limit,” the document further said.

Reach, on the other hand, argued Besse was dismissed with just cause, thus, not eligible for any compensation.

In February 2022, three months after Besse’s first day at Reach, the company installed TimeCamp, a time-tracking software, on her work laptop. TimeCamp is a workplace surveillance software, more commonly referred to as bossware.

Per the document: “Miss Besse began having weekly meetings with her manager to help her better manage her files. She says she initiated the meetings because she felt unproductive and that she was not performing as well as she should have been.”

Weeks after, Reach says it noticed Besse clocked in more than 50 hours of work time that “did not appear to have spent on work-related tasks”. FG, a principal at Reach, say they analyzed Besse’s timesheets and TimeCamp data and found “irregularities between her timesheets and the software usage logs”. Reach also said it has videos of Besse as proof that she had been recording work times in her timesheets that weren’t consistent with the software’s data.

Besse’s explanation is that she found the software “difficult to use and she could not get the program to differentiate between time spent working and time spent on the laptop for personal use”. Reach, however, demonstrated that TimeCamp automatically makes these differentiations.

“For example, if Miss Besse had a streaming service like Disney Plus open, TimeCamp recorded its electronic pathway and how long the service was accessed. As this was not activity associated with client work, Reach would classify it as personal. Similarly, if she accessed a client file, used software associated with client work, or printed client documents, TimeCamp recorded those electronic pathways and the time spent on each task, and Reach classified this as work activity.”

Besse also says she spends a lot of time working on paper copies of client documents, which she claimed TimeCamp couldn’t track. However, Reach provided data on her printing activity, saying “she could not have printed the large volume of documents she would have needed to work on in hard copy”. She also would have entered information from the hard copy into the software, but apparently TimeCamp has no data showing this activity.

Megan Stewart, a member of the tribunal, wrote, “Even if I accept Miss Besse was working in hard copy most of the time, there is no evidence she uploaded her work onto Reach’s electronic system, or otherwise demonstrated to Reach that she spent any significant amount of time performing work-related tasks in connection with the 50.76 unaccounted hours.”

The tribunal dismissed Besse’s claims. Within days of the decision’s release, she must pay Reach CPA a total of C$2,756.89. This amount includes debt and damages incurred from the time theft, a partial amount of an advance she received from the company, a prejudgement interest under the Court Order Interest Act (COIA), and a CRT fee.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.